No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 12

The documents describe the configuration of various services supported by the CX11x&CX31x&CX91x series switch modules The description covers configuration examples and function configurations.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring VRRP Association

Configuring VRRP Association

VRRP association enables VRRP to detect faults in a timely manner and triggers an active/standby switchover when the master or the uplink of the master becomes faulty. VRRP association optimizes VRRP switchover and enhances network reliability.

Pre-configuration Tasks

Before configuring VRRP association, complete the following task:

You can configure VRRP association only after basic VRRP functions are configured.

Configuring Association Between VRRP and BFD to Implement a Rapid Active/Standby Switchover

Context

When a VRRP group is faulty, the backup with the highest priority detects the fault and switches to the master after the Master_Down_Interval timer expires. The switchover period is at least 3s. During the switchover period, service traffic is still sent to the original master, causing user traffic loss. As shown in Figure 11-42, the VRRP group is associated with a BFD session on the backup so that the BFD session can rapidly detect communication faults of the VRRP group. When the BFD session detects a fault, it notifies the VRRP group that the priority of the backup needs to be increased. Then an active/standby switchover is triggered immediately. This millisecond-level switchover reduces traffic loss.

When the fault is rectified, the priority of the backup is restored and the original master switches to the master again to forward traffic.

NOTE:
  • A VRRP group can be associated with only a static BFD session or a static BFD session with automatically negotiated discriminators.

  • The master and backup in the VRRP group must work in preemption mode. It is recommended that the preemption delay be 0 on the backup and non-0 on the master.

Figure 11-42 Association between VRRP and BFD to implement a rapid active/standby switchover

Procedure

  1. Configure a static BFD session or a static BFD session with automatically negotiated discriminators. For details, see Configuring Single-Hop BFD, Configuring Multi-Hop BFD, and Configuring Static BFD with Automatically Negotiated Discriminators.
  2. Run:

    system-view

    The system view is displayed.

  3. Run:

    interface interface-type interface-number

    The view of the interface on the backup where a VRRP group is configured is displayed.

  4. On an Ethernet interface, run:

    undo portswitch

    The interface is switched to Layer 3 mode.

    By default, an Ethernet interface works in Layer 2 mode.

    If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.

    NOTE:

    If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

  5. Run:

    vrrp vrid virtual-router-id track bfd { bfd-session-id | session-name bfd-configure-name } [ increase value-increased | reduce value-reduced ]

    Association between VRRP and BFD is configured.

    By default, a VRRP group is not associated with a BFD session.

    NOTE:
    When associating a VRRP group with a BFD session, note the following points:
    • If session-name bfd-configure-name is specified, the VRRP group can be bound to only the static BFD session with automatically negotiated discriminators.

    • If bfd-session-id is specified, the VRRP group can be bound to only the static BFD session.

    • After the value by which the priority increases is set, ensure that the priority of the backup is higher than the priority of the master.

  6. Run:

    commit

    The configuration is committed.

Configuring Association Between VRRP and Link/Peer BFD to Implement a Rapid Active/Standby Switchover

Context

When a VRRP group is faulty, the backup with the highest priority detects the fault and switches to the master after the Master_Down_Interval timer expires. The switchover period is at least 3s. During the switchover period, service traffic is still sent to the original master, causing user traffic loss. As shown in Figure 11-43, the VRRP group is associated with a link/peer BFD session on the backup so that the BFD session can rapidly detect communication faults of the VRRP group. When the BFD session detects a fault, it notifies the VRRP group that the priority of the backup needs to be increased. An active/standby switchover is triggered immediately. This millisecond-level switchover reduces traffic loss.

After a fault is rectified, the BFD sessions go Up, and the devices in the VRRP group restore their VRRP status.

NOTE:
  • A VRRP group can be associated with only a static BFD session or a static BFD session with automatically negotiated discriminators.

  • The master and backup in the VRRP group must work in preemption mode. It is recommended that the preemption delay be 0 on the backup and non-0 on the master.

Figure 11-43 Association between VRRP and link/peer BFD to implement a rapid active/standby switchover

Procedure

  1. Configure a static BFD session or a static BFD session with automatically negotiated discriminators. For details, see Configuring Single-Hop BFD, Configuring Multi-Hop BFD, or Configuring Static BFD with Automatically Negotiated Discriminators.
  2. Run:

    system-view

    The system view is displayed.

  3. Run:

    interface interface-type interface-number

    The view of the interface on the backup where a VRRP group is configured is displayed.

  4. On an Ethernet interface, run:

    undo portswitch

    The interface is switched to Layer 3 mode.

    By default, an Ethernet interface works in Layer 2 mode.

    If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.

    NOTE:

    If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

  5. Run:

    vrrp vrid virtual-router-id track bfd { bfd-session-id | session-name bfd-configure-name } [ peer | link ]

    The VRRP group is configured to monitor a link or peer BFD session.

    NOTE:
    When associating a VRRP group with a BFD session, note the following points:
    • If session-name bfd-configure-name is specified, the VRRP group can be bound to only the static BFD session with automatically negotiated discriminators.

    • If bfd-session-id is specified, the VRRP group can be bound to only the static BFD session.

    • If the VRRP group is bound to an mVRRP group, the mVRRP group maintains the VRRP group status, and the VRRP group is unable to monitor any BFD sessions.

    • In the scenario where the VRRP group is associated with a link BFD session and a peer BFD session, the backup becomes the master if the backup detects the peer BFD session status change before detecting the link BFD session status change. The backup transitions from Master to Initialize after it detects the peer BFD session status change. To prevent the preceding problem, run the min-tx-interval command in the BFD session view to set the interval at which link BFD control packets to be smaller than the interval at which peer BFD control packets are sent.

  6. (Optional) Run:

    vrrp vrid virtual-router-id track link-bfd down-number

    The threshold for the number of monitored link BFD sessions in Down state is set.

    If the number of monitored link BFD sessions reaches the threshold, an active/standby switchover is performed.

  7. Run:

    commit

    The configuration is committed.

Configuring Association Between VRRP and VRID-based Dynamic BFD

Context

When a VRRP group is faulty, the backup with the highest priority detects the fault and switches to the master after the Master_Down_Interval timer expires. The switchover period is at least 3s. During the switchover period, service traffic is still sent to the original master, causing user traffic loss. As shown in Figure 11-44, a VRRP group is configured on Switch ModuleB to monitor the VRID-based dynamic BFD session so that the BFD session can rapidly detect communication faults of the VRRP group. After receiving the session Down event, Switch ModuleB immediately switches to the master and sends gratuitous ARP packets to update MAC address entries on the switch.

NOTE:

The master and backup in the VRRP group must work in preemption mode. It is recommended that the preemption delay be 0 on the backup and non-0 on the master.

Figure 11-44 Association between VRRP and VRID-based dynamic BFD to implement a rapid active/standby switchover

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    bfd

    BFD is enabled globally and the BFD view is displayed.

    By default, BFD is disabled globally.

  3. Run:

    quit

    Return to the system view.

  4. Run:

    interface interface-type interface-number

    The view of the interface on the backup where a VRRP group is configured is displayed.

  5. On an Ethernet interface, run:

    undo portswitch

    The interface is switched to Layer 3 mode.

    By default, an Ethernet interface works in Layer 2 mode.

    If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.

    NOTE:

    If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

  6. Run:

    vrrp vrid virtual-router-id bfd peer-ip peer-ip-address

    A VRID-based dynamic BFD session for a VRRP group is created and a peer IP address for the session is configured.

  7. (Optional) Run:

    vrrp vrid virtual-router-id bfd { min-rx-interval receive-interval | min-tx-interval transmit-interval | detect-multiplier multiplier-value } *

    Parameters for the VRID-based dynamic BFD session are configured.

    By default, the minimum intervals at which the local device receives and sends BFD control packets are 1000 ms, and the local detection multiplier is 3.

  8. Run:

    commit

    The configuration is committed.

Configuring Association Between VRRP and the Interface Status to Implement an Active/Standby Switchover

Context

When the uplink interface of the master becomes faulty, VRRP cannot detect the status change of interfaces not in the VRRP group, causing service interruption. You can associate a VRRP group with the interface status. When the monitored interface is faulty, the priority of the master is reduced. This triggers an active/standby switchover and reduces the impact of the uplink interface fault on service forwarding.

When the fault is rectified, the original master restores its priority and switches to the master to forward traffic.

NOTE:

The master and backup in the VRRP group must work in preemption mode. It is recommended that the preemption delay be 0 on the backup and non-0 on the master.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number

    The view of the interface on the master where a VRRP group is configured is displayed.

  3. On an Ethernet interface, run:

    undo portswitch

    The interface is switched to Layer 3 mode.

    By default, an Ethernet interface works in Layer 2 mode.

    If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.

    NOTE:

    If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

  4. Run:

    vrrp vrid virtual-router-id track interface interface-type interface-number [ increase value-increased | reduce value-reduced ]

    Association between VRRP and the interface status is configured.

    By default, when the monitored interface goes Down, the VRRP priority of the device decreases by 10.

    NOTE:
    • After the value by which the priority decreases is set, ensure that the priority of the backup is higher than the priority of the master.

    • The monitored interface cannot be a member of the Eth-Trunk interface.

  5. Run:

    commit

    The configuration is committed.

Configuring Association Between VRRP and BFD to Monitor the Uplink Status

Context

Because VRRP cannot detect faults on the uplink of a VRRP group, services may be interrupted. As shown in Figure 11-45, a VRRP group is associated with a BFD session on the master so that the BFD session monitors the uplink status of the master. When the BFD session detects a fault on the uplink, it notifies the VRRP group that the priority of the master needs to be decreased. Then an active/standby switchover is triggered immediately. This reduces the impact of the uplink fault on service forwarding.

When the fault is rectified, the original master restores its priority and switches to the master to forward traffic.

BFD implements millisecond-level detection. Association between VRRP and BFD provides a rapid active/standby switchover.

NOTE:
  • A VRRP group can be associated with only a static BFD session or a static BFD session with automatically negotiated discriminators.

  • The master and backup in the VRRP group must work in preemption mode. It is recommended that the preemption delay be 0 on the backup and non-0 on the master.

Figure 11-45 Association between VRRP and BFD

Procedure

  1. Configure a static BFD session or a static BFD session with automatically negotiated discriminators. For details, see Configuring Single-Hop BFD, Configuring Multi-Hop BFD, and Configuring Static BFD with Automatically Negotiated Discriminators.
  2. Run:

    system-view

    The system view is displayed.

  3. Run:

    interface interface-type interface-number

    The view of the interface on the master where a VRRP group is configured is displayed.

  4. On an Ethernet interface, run:

    undo portswitch

    The interface is switched to Layer 3 mode.

    By default, an Ethernet interface works in Layer 2 mode.

    If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.

    NOTE:

    If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

  5. Run:

    vrrp vrid virtual-router-id track bfd { bfd-session-id | session-name bfd-configure-name } [ increase value-increased | reduce value-reduced ]

    Association between VRRP and BFD is configured.

    By default, when the monitored BFD session becomes Down, the VRRP priority decreases by 10.

    NOTE:
    When associating a VRRP group with a BFD session, note the following points:
    • If session-name bfd-configure-name is specified, the VRRP group can be bound to only the static BFD session with automatically negotiated discriminators.

    • If bfd-session-id is specified, the VRRP group can be bound to only the static BFD session.

    • After a VRRP group is associated with a BFD session, the BFD session type cannot be modified. Before deleting the BFD session type, you must delete all original configurations.

    • After the value by which the priority decreases is set, ensure that the priority of the backup is higher than the priority of the master.

  6. Run:

    commit

    The configuration is committed.

Configuring Association Between VRRP and NQA to Monitor the Uplink Status

Context

Because VRRP cannot detect faults on the uplink of a VRRP group, services may be interrupted. You can associate a VRRP group with an NQA test instance on the master so that the NQA test instance monitors the uplink status of the master. When the NQA test instance detects a fault on the uplink, it notifies the VRRP group that the priority of the master needs to be decreased. Then an active/standby switchover is triggered immediately. This reduces the impact of the uplink fault on service forwarding.

When the fault is rectified, the original master restores its priority and switches to the master to forward traffic.

NQA technology collects statistics on the delay, jitter, and packet loss ratio. You can configure the percentage of failed NQA test instances and NQA association to trigger an active/standby switchover when the uplink is unstable.

NOTE:

The master and backup in the VRRP group must work in preemption mode. It is recommended that the preemption delay be 0 on the backup and non-0 on the master.

Procedure

  1. Create an NQA test instance. For details, see Configuring an ICMP Test Instance in CX11x&CX31x&CX91x Series Switch Modules Configuration Guide - Network Management Configuration.
  2. Run:

    system-view

    The system view is displayed.

  3. Run:

    interface interface-type interface-number

    The view of the interface on the master where a VRRP group is configured is displayed.

  4. On an Ethernet interface, run:

    undo portswitch

    The interface is switched to Layer 3 mode.

    By default, an Ethernet interface works in Layer 2 mode.

    If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.

    NOTE:

    If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

  5. Run:

    vrrp vrid virtual-router-id track nqa admin-name test-name [ reduce value-reduced ]

    Association between VRRP and NQA is configured.

    By default, when the associated NQA test instance becomes failed, the priority of the device decreases by 10.

    NOTE:

    When setting the value by which the priority decreases, ensure that the priority of the backup is higher than the priority of the master to trigger an active/standby over.

  6. Run:

    commit

    The configuration is committed.

Configuring Association Between VRRP and Routing to Monitor the Uplink Status

Context

Because VRRP cannot detect faults on the uplink of a VRRP group, services may be interrupted. The VRRP group monitors the number of routes on the uplink forwarding path. When the route is withdrawn or becomes inactive, the master' priority is adjusted and an active/standby switchover is performed. This reduces the link fault on service forwarding.

When the fault is rectified, the original master restores its priority and switches to the master to forward traffic.

During route association, the link switchover depends on convergence of a routing protocol associated with the VRRP group.

NOTE:
  • When a VRRP group is associated with a static route, the device can detect only faults on the direct uplink.

  • The master and backup in the VRRP group must work in preemption mode. It is recommended that the preemption delay be 0 on the backup and non-0 on the master.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number

    The view of the interface on the master where a VRRP group is configured is displayed.

  3. On an Ethernet interface, run:

    undo portswitch

    The interface is switched to Layer 3 mode.

    By default, an Ethernet interface works in Layer 2 mode.

    If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.

    NOTE:

    If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

  4. Run:

    vrrp vrid virtual-router-id track ip route ip-address { mask-address | mask-length } [ vpn-instance vpn-instance-name ] [ reduce value-reduced ]

    Association between a route and a VRRP group is configured.

    By default, the master' priority decreases by 10 if the associated route is withdrawn or becomes inactive.

    NOTE:

    When setting the value by which the priority decreases, ensure that the priority of the backup is higher than the priority of the master.

  5. Run:

    commit

    The configuration is committed.

Configuring Association Between a VRRP Group and a Direct Route

Context

To improve network reliability, a VRRP group is often used as the gateway for users (for example, common users and base stations) to access external networks. The uplink traffic from users to the network passes the master, but the downlink traffic from the network to users is often transmitted depending on route selection of a dynamic routing protocol. In this case, uplink and downlink traffic may be transmitted along different paths. If the firewall is configured for the VRRP group to improve security, the firewall blocks traffic that is sent and received along different paths. In addition, it is difficult to monitor such traffic and collect traffic statistics.

You can associate a VRRP group with a direct route so that VRRP affects route selection of a dynamic routing protocol. Association ensures that uplink traffic and downlink traffic are transmitted along the same path.

Pre-configuration Tasks

Before configuring association between a VRRP group and a direct route, complete the following tasks:

  • Configuring basic VRRP functions and creating a VRRP group

  • Configuring a dynamic routing protocol to make IP routes of nodes reachable

NOTE:

After association between a VRRP group and a direct route is configured, an Interior Gateway Protocol (IGP) protocol cannot run on the VRRP-enabled interface. If an IGP protocol runs on the interface, the IGP protocol cannot retain the original cost of the imported direct route. As a result, the VRRP group cannot be associated with the direct route.

Procedure

  • Configure association between a direct route and a VRRP group.

    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      interface interface-type interface-name

      The view of the VRRP-enabled interface is displayed.

    3. On an Ethernet interface, run:

      undo portswitch

      The interface is switched to Layer 3 mode.

      By default, an Ethernet interface works in Layer 2 mode.

      This command fails to be executed on the Ethernet interface that has any Layer 2 configuration. Before running this command on the Ethernet interface, delete all the Layer 2 configuration of the Ethernet interface.
      NOTE:

      If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

    4. Run:

      direct-route track vrrp vrid virtual-router-id degrade-cost cost-value

      Association between a direct route and a VRRP group is configured.

      Association between the VRRP group and the direct route allows the cost of the direct route to be adjusted based on the VRRP group status.

      • When the VRRP group is in Master state, the cost is set to the default value 0 (highest priority).

      • When the VRRP group is in Backup state, the cost is specified by cost-value (larger than the default value 0).

      NOTE:

      A direct route on the network segment that an interface belongs to can be associated with only one VRRP group. Before associating a direct route that has been associated with one VRRP group to another VRRP group, you must delete the original association configuration.

    5. Run:

      commit

      The configuration is committed.

    6. Run:

      quit

      Return to the system view.

  • Configure a dynamic routing protocol to import the direct route.

    IGP protocols and BGP are mainly used. RIP does not retain the original cost of the imported route, so OSPF, IS-IS, and BGP are used here.

    • Configure OSPF to import the direct route.

      1. Run:

        system-view

        The system view is displayed.

      2. Run:

        ospf [ process-id ]

        The OSPF process view is displayed.

      3. Run:

        import-route direct

        OSPF is configured to import the direct route.

      4. Run:

        default cost inherit-metric

        OSPF is configured to retain the original cost of the imported route.

        NOTE:
        • The default command has the lowest priority. When running the default command, ensure that the apply cost command for the direct route is not executed. Otherwise, the default command does not take effect.

        • After the default cost inherit-metric command is used, the default cost cost-value command that is executed later will overwrite the default cost inherit-metric command.

      5. Run:

        commit

        The configuration is committed.

    • Configure IS-IS to import the direct route.

      1. Run:

        system-view

        The system view is displayed.

      2. Run:

        isis [ process-id ]

        The IS-IS process view is displayed.

      3. Run:

        import-route direct inherit-cost

        IS-IS is configured to retain the original cost of the imported route.

      4. Run:

        commit

        The configuration is committed.

    • Configure BGP to import the direct route.

      1. Run:

        system-view

        The system view is displayed.

      2. Run:

        bgp as-number

        The BGP process view is displayed.

      3. Run:

        import-route direct

        BGP is configured to import the direct route.

        BGP retains the original cost of the imported route in the MED.

      4. Run:

        commit

        The configuration is committed.

Checking the Configuration

Procedure

  • Run the display vrrp [ interface interface-type interface-number ] [ virtual-router-id ] statistics command to check statistics about sent and received packets of the VRRP group.
Translation
Download
Updated: 2019-08-09

Document ID: EDOC1000041694

Views: 59093

Downloads: 3623

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next